AMENDMENTS TO THE CLAIMS

The listing of claims will replace all prior versions, and listings of claims in the 
application: 

LISTING OF CLAIMS 

1. (Original) A small footprint device comprising

a. at least one processing element;

b. memory,

c. a context barrier for isolating one program module from at least one other program module
using said memory and processing element, and

d. an entry point object for permitting one program module to access one other program
module across said context barrier.



2-29 (Cancelled) 

30. (New) A small footprint device comprising: 

at least one processing element configured to execute groups of one or more program
modules in separate contexts, said one or more program modules comprising zero or
more sets of executable instructions and zero or more sets of data definitions, said zero
or more sets of executable instructions and said zero or more data definitions grouped as
object definitions, each context comprising a protected object instance space such that at
least one of said object definitions is instantiated in association with a particular context;

a memory comprising instances of objects; and

a context barrier for separating and isolating said contexts, said context barrier configured 
for controlling execution of at least one instruction of one of said zero or more sets of 
instructions comprised by a program module based at least in part on whether said at 
least one instruction is executed for an object instance associated with a first one of said 
one or more separate contexts and whether said at least one instruction is requesting 
access to an instance of an object definition associated with a second one of said one or 
more separate contexts, said context barrier further configured to prevent said access if 
said access is unauthorized and enable said access if said access is authorized; and 

an entry point object for permitting one program module to access information from another 
program module across said context barrier. 

31. (New) The small footprint device of claim 30 in which said context barrier allocates 
separate name spaces for each program module. 

32. (New) The small footprint device of claim 30 in which at least two program modules can 
access said entry point object even though they are located in different respective name 
spaces. 

33. (New) The small footprint device of claim 30 in which said context barrier allocates 
separate memory spaces for each program module. 






SUN-P3709CNT 
(811173-000419) 

34. (New) The small footprint device of claim 33 in which at least two program modules can 
access said entry point object even though they are located in different respective memory 
spaces. 

35. (New) The small footprint device of claim 30 in which said context barrier enforces security 
checks on at least one of a principal, an object, and an action. 

36. (New) The small footprint device of claim 35 in which at least one security check is based 
on partial name agreement between a principal and an object.

37. (New) The small footprint device of claim 36 in which at least one program can access said 
entry point object without said at least one security check. 

38. (New) The small footprint device of claim 35 in which at least one security check is based 
on memory space agreement between a principal and an object. 

39. (New) The small footprint device of claim 38 in which at least one program can access said 
entry point object without said at least one security check. 

40. (New) The small footprint device of claim 30 wherein an object instance is associated with 
a context by recording the name of said context in a header of said object instance, 
information in said header inaccessible to said one or more program modules. 



41. (New) The small footprint device of claim 30 wherein

said memory comprises object header data, said object header data comprising information
associated with at least one of said instances of objects; and

said controlling execution is based at least in part on said object header data.

42. (New) The small footprint device of claim 30 wherein

said memory is partitioned into a plurality of memory spaces with instances of objects
allocated for storage in one of said plurality of storage spaces; and

said controlling execution is based at least in part on determining the storage space allocated
to an executing object instance and an accessed object instance.



43. (New) A method of operating a small footprint device that includes a processing machine,
wherein program modules are executed on the processing machine, the method comprising:

separating contexts using a context barrier, said context barrier configured for controlling
execution of at least one instruction of one of said zero or more sets of instructions
comprised by a program module based at least in part on whether said at least one
instruction is executed for an object instance associated with a first one of said one or
more separate contexts and whether said at least one instruction is requesting access to
an instance of an object definition associated with a second one of said one or more
separate contexts, said separating further comprising:

preventing said access if said access is unauthorized; and

enabling said access if said access is authorized;

executing groups of one or more program modules in separate contexts, said one or more
program modules comprising zero or more sets of executable instructions and zero or
more sets of data definitions, said zero or more sets of executable instructions and said
zero or more data definitions grouped as object definitions, each context comprising a
protected object instance space such that at least one of said object definitions is
instantiated in association with a particular context; and

permitting access to information across said context barrier using an entry point object.

44. (New) The method of claim 43 wherein an object instance is associated with a context by 
recording the name of said context in a header of said object instance, information in said 
header inaccessible to said one or more program modules. 

45. (New) The method of claim 43 wherein said controlling execution is based at least in part on 
object header data comprising information associated with at least one of said instances of 
objects. 

46. (New) The method of claim 43 wherein 

a memory of said small footprint device is partitioned into a plurality of memory spaces with 
instances of objects allocated for storage in one of said plurality of storage spaces; and 

said controlling execution is based at least in part on determining the storage space allocated 
to an executing object instance and an accessed object instance. 

47. (New) A method of permitting access to information on a small footprint device from a first 
program module to a second program module separated by a context barrier, said small 
footprint device comprising: 

at least one processing element configured to execute groups of one or more program
modules in separate contexts, said one or more program modules comprising zero or
more sets of executable instructions and zero or more sets of data definitions, said zero
or more sets of executable instructions and said zero or more data definitions grouped as
object definitions, each context comprising a protected object instance space such that at
least one of said object definitions is instantiated in association with a particular context;

a memory comprising instances of objects; and

a context barrier for separating and isolating said contexts, said context barrier configured 
for controlling execution of at least one instruction of one of said zero or more sets of 
instructions comprised by a program module based at least in part on whether said at 
least one instruction is executed for an object instance associated with a first one of said 
one or more separate contexts and whether said at least one instruction is requesting 
access to an instance of an object definition associated with a second one of said one or 
more separate contexts, said context barrier further configured to prevent said access if 
said access is unauthorized and enable said access if said access is authorized, the 
method comprising: 

creating an entry point object which may be accessed by at least two program modules; and 
using said entry point object to permit access to information across said context barrier. 

48. (New) The method of claim 47 wherein an object instance is associated with a context by 
recording the name of said context in a header of said object instance, information in said 
header inaccessible to said one or more program modules. 

49. (New) The method of claim 47 wherein said controlling execution is based at least in part on 
object header data comprising information associated with at least one of said instances of 
objects.

50. (New) The method of claim 47 wherein

a memory of said small footprint device is partitioned into a plurality of memory spaces with 
instances of objects allocated for storage in one of said plurality of storage spaces; and 

said controlling execution is based at least in part on determining the storage space allocated 
to an executing object instance and an accessed object instance. 

51. (New) A computer program product, comprising: 
a memory medium; and 

a computer controlling element comprising instructions for implementing a context barrier 
on a small footprint device and for bypassing said context barrier using an entry point 
object, said small footprint device comprising: 

at least one processing element configured to execute groups of one or more program 
modules in separate contexts, said one or more program modules comprising zero or 
more sets of executable instructions and zero or more sets of data definitions, said zero 
or more sets of executable instructions and said zero or more data definitions grouped as 
object definitions, each context comprising a protected object instance space such that at 
least one of said object definitions is instantiated in association with a particular context; 

a memory comprising instances of objects; and 

a context barrier for separating and isolating said contexts, said context barrier configured
for controlling execution of at least one instruction of one of said zero or more sets of
instructions comprised by a program module based at least in part on whether said at
least one instruction is executed for an object instance associated with a first one of said
one or more separate contexts and whether said at least one instruction is requesting
access to an instance of an object definition associated with a second one of said one or
more separate contexts, said context barrier further configured to prevent said access if
said access is unauthorized and enable said access if said access is authorized.

52. (New) The computer program product of claim 51 in which said medium is a carrier wave. 

53. (New) A computer program product, comprising: 
a memory medium; and 

a computer controlling element comprising instructions for separating a plurality of 
programs on a small footprint device by running them in respective contexts and for 
permitting one program to access information from another program by bypassing a 
context barrier using an entry point object, said small footprint device comprising: 

at least one processing element configured to execute groups of one or more program 
modules in separate contexts, said one or more program modules comprising zero or 
more sets of executable instructions and zero or more sets of data definitions, said zero 
or more sets of executable instructions and said zero or more data definitions grouped as 
object definitions, each context comprising a protected object instance space such that at 
least one of said object definitions is instantiated in association with a particular context; 

a memory comprising instances of objects; and 

a context barrier for separating and isolating said contexts, said context barrier configured
for controlling execution of at least one instruction of one of said zero or more sets of
instructions comprised by a program module based at least in part on whether said at
least one instruction is executed for an object instance associated with a first one of said
one or more separate contexts and whether said at least one instruction is requesting
access to an instance of an object definition associated with a second one of said one or
more separate contexts, said context barrier further configured to prevent said access if
said access is unauthorized and enable said access if said access is authorized.

54. (New) The computer program product of claim 53 in which said medium is a carrier wave. 

55. (New) A carrier wave carrying instructions for implementing an entry point object for 
bypassing a context barrier on a small footprint device over a communications link, said 
small footprint device comprising: 

at least one processing element configured to execute groups of one or more program 
modules in separate contexts, said one or more program modules comprising zero or 
more sets of executable instructions and zero or more sets of data definitions, said zero 
or more sets of executable instructions and said zero or more data definitions grouped as 
object definitions, each context comprising a protected object instance space such that at 
least one of said object definitions is instantiated in association with a particular context; 

a memory comprising instances of objects; and 

a context barrier for separating and isolating said contexts, said context barrier configured
for controlling execution of at least one instruction of one of said zero or more sets of
instructions comprised by a program module based at least in part on whether said at
least one instruction is executed for an object instance associated with a first one of said
one or more separate contexts and whether said at least one instruction is requesting
access to an instance of an object definition associated with a second one of said one or
more separate contexts, said context barrier further configured to prevent said access if
said access is unauthorized and enable said access if said access is authorized.




56. (New) A carrier wave carrying instructions over a communications link for separating a 
plurality of programs on a small footprint device by running them in respective contexts and 
for permitting one program to access information from another program using at least one 
entry point object, said small footprint device comprising: 

at least one processing element configured to execute groups of one or more program 
modules in separate contexts, said one or more program modules comprising zero or 
more sets of executable instructions and zero or more sets of data definitions, said zero 
or more sets of executable instructions and said zero or more data definitions grouped as 
object definitions, each context comprising a protected object instance space such that at 
least one of said object definitions is instantiated in association with a particular context; 

a memory comprising instances of objects; and 

a context barrier for separating and isolating said contexts, said context barrier configured 
for controlling execution of at least one instruction of one of said zero or more sets of 
instructions comprised by a program module based at least in part on whether said at 
least one instruction is executed for an object instance associated with a first one of said 
one or more separate contexts and whether said at least one instruction is requesting 
access to an instance of an object definition associated with a second one of said one or 
more separate contexts, said context barrier further configured to prevent said access if 
said access is unauthorized and enable said access if said access is authorized. 

57. (New) A method of transmitting code over a network, comprising transmitting a block of
code from a server, said block of code comprising instructions for implementing an entry
point object for bypassing a context barrier on a small footprint device over a
communications link, said small footprint device comprising:

at least one processing element configured to execute groups of one or more program 
modules in separate contexts, said one or more program modules comprising zero or 
more sets of executable instructions and zero or more sets of data definitions, said zero 
or more sets of executable instructions and said zero or more data definitions grouped as 
object definitions, each context comprising a protected object instance space such that at 
least one of said object definitions is instantiated in association with a particular context; 

a memory comprising instances of objects; and 

a context barrier for separating and isolating said contexts, said context barrier configured 
for controlling execution of at least one instruction of one of said zero or more sets of 
instructions comprised by a program module based at least in part on whether said at 
least one instruction is executed for an object instance associated with a first one of said 
one or more separate contexts and whether said at least one instruction is requesting 
access to an instance of an object definition associated with a second one of said one or 
more separate contexts, said context barrier further configured to prevent said access if 
said access is unauthorized and enable said access if said access is authorized. 